Jplopezy

**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop client version 2.6.4 **Description** A cross-site scripting error in the Nextcloud Desktop client allowed an attacker to present any HTML, including local links, when responding with invalid data on a login attempt. **Recommendations** For Nextcloud Desktop client version 2.6.4, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.